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WE CLAIM : 

L A method for generating identification data, coniprising the steps of: 

iding a first set of identification data related to4 first transaction type; and 
performing a cryptographic operation upon first set of identification data, thereby 
generating a second set of identification data^lated to a second transaction type. 




2. A method accorcjing to claim 1, wherein the step of performing a cryptographic 
operation comprises: 

providing a^nversion key; and 

using/Ae conversion key to perform said cryptographic operation upon the first set of 
identifieation data. 




A method according to clainyz, wherein the step of providing a conversion key 

fprises: 

providing conversion kevflerivation data; 
providing a conversion key derivation key; and 

performing a c^ptographic operation upon the conversion key derivation data and the 
conversion key derivation key. 
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4. A method accordiim to claim 3, wherein the step of perforaiing a cryptographic 
operation upon the conversion kery derivation data and the conversion key derivation key 
comprises using the conversion/key derivation key to perform at least one cryptographic 
operation upon the conversion /key derivation data. 

5. A method according to claim 4, wherein the conversion key derivation data 
includes an identification nijrnber that is associated with multiple accounts, and wherein at least 
one cryptographic operation using a secret key is performed to cryptographically process said 
conversion key derivation aata to produce the conversion key. 



method according to claim l^wlierein the step of performing a cryptographic 



ration comprises: 

providing cryptogr:apliically-computed data; and 

performing an operation upon the first set of identification data and the cryptographically- 




comguted data. 




ll A method according tj/claim 6, wherein the step of providing cryptographically- 
uted data comprises: 
providing initial data* ^d 
performing at least^ne cryptographic operation using a secret key upon the initial data, 
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thereby producing the cryptographically-coiMnited data. 



8. A method according to claim 7, wherein said at least one cryptographic operation 
using a secret key comprises at least one of a DES-encryption and a DES-decryption. 





9. ^method according to claim 8, wherein at least a portion of the initial data is 
obtained frdm at least a portion of an account number. 



A method according to claim 9, wherein the operation upon the first set of 
identification data and the cryptographically-computed data comprises either a subtraction 



operation or an addition operatio 



11. A method accordii ig 



computed data further comprises 
corresponding to a base of a nuntber 
cryptographically-computed nufliDer 
of said number representing the 



to claim 10, wherein the step of providing cryptographically- 
generating a cryptographically-computed number having a base 
representing the first set of identification data, wherein said 
has a number of digits corresponding to a number of digits 
irst set of identification data. 



12. A method accord ng to claim 6, wherein the step of providing cryptographically- 
computed data comprises generating a cryptographically-computed number having a base 
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corresponding to a base of a nitnber representing the first set of identification data, wherein said 



cryptographically-computed ni 



iber has a number of digits corresponding to a number of digits 




of said number representing the first set of identification data. 



13. A method according to claim 6, wherein the operation upon the first set of 
identification data and the cryptographically-computed data comprises either a subtraction 
operation or an addition opeiation. 





A method for generating a cjy^graphy key, comprising: 
providing a key derivation>6y; 

using the key deriprfion key in a cryptographic operation performed on data obtained 
fi-om an identificatkm number, thereby producing the cryptographic key. 



15. A method according to claimyl>l, further comprising generating a key-check value 



suitable for determining whether data r^eived corresponds to the cryptography key. 



16. A method ap<^brding to claim 15, wherein the step of generating a key-check value 
comprises: 

using a portion of the cryptography key to DES-encrypt a system-wide constant, thereby 
producing a first key-check value generation result; 
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using a portion of the cryptography key topES-decrypt the first key-check value 
generation resuh, thereby producing a^^jec6nd key-check value generation result; 

using a portion of the^cfyptography key to DES-encrypt the second key-check value 
generation result, tjiefeby producing a third key-check value generation result; and 

selecting a portion of the third key-check value generation result for use as a key-check 




A system for generating identification data, comprising: 
a memory for storing a first set of identification data related to a first transaction type; 

a processor for performing ; a cryptographic operation upon the first set of data, such that 
said processor generates a second set.of identification data related to a second transaction type. 



conversion key, and wherein the 
perform a cryptographic operation 



1 8. The system of cla m 1 7, wherein the memory includes means for storing a 

Drocessor comprises means for using the conversion key to 
upon the first set of identification data. 




The system of claim 18<wherein the memory further includes: 
means for storing conversion key derivation data; and 
means for storing a co^ersion key derivation key; and 
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wherein the processor comprises means to perform a cryptographic operation upon the 
conversion key derivation data and the conversion key derivation key, thereby generating the 
conversion key. 

20. The system of claim 19] wherein the cryptographic operation upon the conversion 
key derivation data and the conversion key derivation key comprises at least one DES operation. 



21. The system of claim wherein the conversion key derivation data is derived 
from an identification number, and wherein said at least one DES operation comprises: 

using a portion of the conversion key derivation key to DES-encrypt the conversion key 
derivation data, thereby producing a first conversion key generation result; 

using a portion of the conversion key derivation key to DES-decrypt the first conversion 



key generation result, thereby pro* 
using a portion of the con^ 

conversion key generation result, 
using the third conversioi . 



lucing a second conversion key generation result; 
ersion key derivation key to DES-encrypt the second 
thereby producing a third conversion key generation result; 
. key generation result as a first portion of the conversion key; 
using a portion of the conversion key derivation key to DES-encrypt the third conversion 
key generation result, thereby producing a fourth conversion key generation result; 

using a portion of the co iversion key derivation key to DES-decrypt the fourth 
conversion key generation result, thereby producing a fifth conversion key generation result; 
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using a portion of the conversionjtej^erivation key to DES-encrypt the fifth conversion 
key generation resuh, thgj:eb5^oducing a sixth conversion key generation resuh; and 

using^tiie sixth conversion key generation result as a second portion of the conversion 



^^\p 22^x-^^ihe system of claim 17, ^^lepem the memory includes means for storing 



^ptographically-computed data, andwherein the processor comprises: 
means for generating^he cryptographically-computed data; and 
means for performing an operation upon the first set of identification data and the 
cryptographically-computed data. 




/23. The system of claim 22, wherein the mei^ry further includes means for storing 
initial data, and wherein the means for generating cryptographically-computed data 
comprises means for performing at least one cn/ptographic operation upon the initial data, 
thereby producing the cryptographically-computed data. 

24. The system of claiin 23, wherein said at least one cryptographic operation 
comprises at least one of a DBS -encryption and a DES-decryption. 



25. The system of claim 24, wherein the initial data is obtained from an account 
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number, wherein the memojy^irther includes means for storing a conversion key, and wherein 
the cryptographic on^tion uses the initial data and the conversion key to produce the 
cryptographically-computed data. 




The system of clairi 25, wherein the means for performing an operation upon the 



A fim set of identification data and 



the cryptographically-computed data comprises either a 



subtraction means or an addition i leans. 



27. The system of claim 25, wherein the means for performing an operation further 
comprises means for generating a cryptographically-computed number having a base 
corresponding to a base of a mmlber representing the first set of identification data, wherein said 
cryptographically-computed number has a number of digits corresponding to a number of digits 

first set of identification data. 



of said nimiber representing the 



28. The system of claim 22, wherein the means for performing an operation 



comprises means for generating 



cryptographically-computed ni 



a cryptographically-computed nimiber having a base 



corresponding to a base of a nunber representing the first set of identification data, wherein said 



her has a nximber of digits corresponding to a number of digits 



of said number representing the first set of identification data. 



NY02:21 1875.1 



APS 1994 070457.0747 



1 29. The system of claim 22, wherein the means for performing an operation 

2 comprises either a subtraction means or an addition means. 




A system for ger^erating a cryptography key, comprising: 
a memory, comprising 

a key derivation key; and 
the key derivation key in a cryptographic operation performed on 



means for storin 
means for using 



1 



02 



L3 



data obtained from an identification number, thereby producing the cryptographic key. 



3 1 . The system of cjlaim 
processor further comprises mjsans 
whether the data corresponds 



im 30, further comprising means for receiving data, wherein the 
for generating a key-check value suitable for determining 
o the cryptography key. 



i0 C^J^'^ \ Th^ system of claim 3 1 , wherein the ^frieans for generating a key-check value 

2 comprises: 

3 means for storing a system-wid^onstant; 

4 means for using a portion/di the cryptography key to DES-encrypt the system-wide 

5 constant, thereby producing^ first key-check value generation resuh; 

6 means for using a portion of the cryptography key to DES-decrypt the first key-check 

7 value generation riefsult, thereby producing a second key-check value generation result; 
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means for using a portion oph^cryptography key to DES-encrypt the second key-check 
value generation result^^tbd^by producing a third key-check value generation resuh; and 

mQapat^T selecting a portion of the third key-check value generation result for use as a 
ke;^^^eck value. 

\ 

A system for generating identification data, comprising: 
a memory; 

a processor in communication with the memory; and 

a computer-readable medium in communication with the processor and storing 
instructions which, when executed, cause the processor to perform the steps of: 

storing a first set of identification data in the memory, said first set being related 
to a first transaction type; and 

performing a cryptographic operation upon the first set of identification data, 
thereby generating a second set of identification data related to a second transaction type. 



34. The system of claim 33, wherein the step of performing a cryptographic operation 
comprises: 

providing a conversion key; 
storing the conversion key in the memory; and 

using the conversion key to perform said cryptographic operation upon the first set of 



NY02:2 11875.1 



-28- 




AP31994 070457.0747 




identificatkm data 




5. The system of claiip 34, wherein the step of providing a conversion key 
copftpnses: 

storing conversion key derivation data in the memory; 
storing a conversion keW derivation key in the memory; and 

performing a cryptographic operation upon the conversion key derivation data and the 
conversion key derivation key 

36. The system of :laim 35, wherein the step of performing a cryptographic operation 
upon the conversion key derivation data and the conversion key derivation key comprises using 
the conversion key derivation key to perform at least one DES operation upon the conversion key 
derivation data. 

37. The system of claim 36, wherein the conversion key derivation data is derived 
from an identification number, and wherein said at least one DES operation comprises: 

using a portion of th2 conversion key derivation key to DES-encrypt the conversion key 
derivation data, thereby producing a first conversion key generation result; 

using a portion of th^ conversion key derivation key to DES-decrypt the first conversion 
key generation result, thereby producing a second conversion key generation result; 
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using a portion of the conversion key derivation key to DES-encrypt the second 
conversion key generation result, thereby producing third conversion key generation result; 
using the third conversion key gener^flon result as a first portion of the conversion key; 
using a portion of the conversiein key derivation key to DES-encrypt the third conversion 
ey generation result, thereby raeJducing a fourth conversion key generation result; 

using a portion of tfre conversion key derivation key to DES-decrypt the fourth 
conversion key generaiion result, thereby producing a fifth conversion key generation result; 

using a nefrtion of the conversion key derivation key to DES-encrypt the fifth conversion 
key generation result, thereby producing a sixth conversion key generation result; and 

sing the sixth conversion key generation result as a second portion of the conversion 

key. 




The system of claim 33, wherein the step^f performing a cryptographic operation 

5mpnses: 

providing cryptographically-copp1^^ data; 
storing the cryptographkally-computed data in the memory; and 
performing an oi)^ration upon the first set of identification data and the cryptographically- 
computed data. 
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storing initial data in the 
performing at least one 



The system of cla|m 38, wherein the step of providing cryptographically- 
puted data comprises: 

memory; and 

ryptographic operation using a secret key upon the initial data. 



thereby producing the cryptogriphically-computed data. 



40. The system of dlaim 39, wherein said at least one cryptographic operation using a 
secret key comprises at least (me of a DES-encryption and a DES-decryption. 




A method according 



r 

t3 clai 



tained from at least a portion of an 



claim 40, wherein at least a portion of the initial data is 



account number. 



42. The system of claim 



41 , wherein the operation upon the first set of identification 



data and the cryptographically-computed data comprises either a subtraction operation or an 
addition operation. 



43. The system of claim 42, wherein the step of providing cryptographically- 
computed data further comprises generating a cryptographically-computed number having a base 
corresponding to a base of a number representing the first set of identification data, wherein said 
cryptographically-computed number has a number of digits corresponding to a number of digits 
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of said number representing the first set of identification data. 

44. The system of claim 38, wherein the step of providing cryptographically- 
computed data comprises genei ating a cryptographically-computed number having a base 
corresponding to a base of a ni mber representing the first set of identification data, wherein said 
cryptographically-computed number has a number of digits corresponding to a number of digits 
of said number representing ths first set of identification data. 

45. The system of claim 38, wherein the operation upon the first set of identification 



data and the cryptographically 
addition operation. 



computed data comprises either a subtraction operation or an 




A system for generating a cryptography key, comtM^sing: 



a memory; 

a processor in communication with the memop^; and 

a computer-readable mediimi in commmlication with the processor and storing 
instructions which, when executed, cause processor to perform the steps of: 
storing a key derivatiojakey in the memory; 

using the key derivation key in a cryptographic operation performed on data 
obtained fi'om an identificatkm number, thereby producing the cryptographic key. 
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The system of claifn 46, wherein the instructions, when executed, further cause 
processor to perform the step 
whether data received corresponds 



3f generating a key-check value suitable for determining 
to the cryptography key. 



48. The system of c 



c im 47, wherein the step of generating a key-check value 



compnses: 

storing a system-wide cbnstant in the memory; 

using a portion of the ci yptography key to DES-encrypt the system- wide constant, 
thereby producing a first key-c leck value generation result; 

using a portion of the cryptography key to DES-decrypt the first key-check value 
generation result, thereby prod ucing a second key-check value generation result; 

using a portion of the cryptography key to DES-encrypt the second key-check value 
generation result, thereby producing a third key-check value generation result; and 

selecting a portion of the third key-check value generation result for use as a key-check 

value. 




A method for generating identi|i(5ation data for an electronic financial transaction 
a communications network, compri^ng the steps of: 
providing a first set of idejafification data related to a first transaction type; 
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performing a cryptographic operation upon the first set of identification data to generate a 
cond set of identification daXa^^tust in conducting said electronic financial transaction. 





The method of claim 49, wherein said first set of identification data is an ATM- 
Ppi^ffsaid first transaction type is an ATM-transaction, said second set of identification data is an 
electronic commerce PIN, said electronic financial transaction is an electronic commerce 
transaction, said method further con: prising the step of: 

performing a second cryptographic operation upon said electronic commerce PIN to 
generate said ATM-PIN. 
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